Systems and methods for detecting the presence of web tracking

US 9,197,711 B1
Filed: 02/22/2013
Issued: 11/24/2015
Est. Priority Date: 02/22/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for detecting the presence of web tracking, at least a portion of the method being performed by a computing device comprising at least one hardware processor, the method comprising:

identifying, at the computing device, an Internet resource that is retrieved from an initial domain and that triggers a hypertext transfer protocol request directed to an additional domain that is different from the initial domain;

determining, based on a difference between the initial domain and the additional domain, that the hypertext transfer protocol request comprises a third-party hypertext transfer protocol request;

identifying a hypertext transfer protocol cookie that is sent from the additional domain in response to the third-party hypertext transfer protocol request;

without examining contents of the hypertext transfer protocol cookie, determining, based on an expiration date of the hypertext transfer protocol cookie occurring after a predetermined threshold of time and the difference between the initial domain and the additional domain, that the hypertext transfer protocol cookie comprises a third-party tracking cookie.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for detecting the presence of web tracking may include identifying an Internet resource that may be retrieved from an initial domain and that may trigger a hypertext transfer protocol request directed to an additional domain that may be different from the initial domain, determining, based on a difference between the initial domain and the additional domain, that the hypertext transfer protocol request may include a third-party hypertext transfer protocol request, identifying a hypertext transfer protocol cookie that may be sent from the additional domain in response to the third-party hypertext transfer protocol request and determining, based on an expiration date of the hypertext transfer protocol cookie and the difference between the initial domain and the additional domain, that the hypertext transfer protocol cookie may include a third-party tracking cookie. Various other methods, systems, and computer-readable media are also disclosed.

14 Citations

View as Search Results

20 Claims

1. A computer-implemented method for detecting the presence of web tracking, at least a portion of the method being performed by a computing device comprising at least one hardware processor, the method comprising:
- identifying, at the computing device, an Internet resource that is retrieved from an initial domain and that triggers a hypertext transfer protocol request directed to an additional domain that is different from the initial domain;
  
  determining, based on a difference between the initial domain and the additional domain, that the hypertext transfer protocol request comprises a third-party hypertext transfer protocol request;
  
  identifying a hypertext transfer protocol cookie that is sent from the additional domain in response to the third-party hypertext transfer protocol request;
  
  without examining contents of the hypertext transfer protocol cookie, determining, based on an expiration date of the hypertext transfer protocol cookie occurring after a predetermined threshold of time and the difference between the initial domain and the additional domain, that the hypertext transfer protocol cookie comprises a third-party tracking cookie.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, further comprising:
    - identifying a second Internet resource that is retrieved from a second initial domain and that triggers a second hypertext transfer protocol request directed to a second additional domain that is different from the second initial domain;
      
      determining, based on a second difference between the second initial domain and the second additional domain, that the second hypertext transfer protocol request comprises a second third-party hypertext transfer protocol request;
      
      identifying a second hypertext transfer protocol cookie that is sent by the second third-party hypertext transfer protocol request;
      
      determining, based on the second difference between the second initial domain and the second additional domain, that the second hypertext transfer protocol cookie comprises a second third-party tracking cookie.
  - 3. The computer-implemented method of claim 1,further comprising determining that the third-party hypertext transfer protocol request does not send a second hypertext transfer protocol cookie;
    - wherein identifying the hypertext transfer protocol cookie that is sent from the additional domain in response to the third-party hypertext transfer protocol request is in response to determining that the third-party hypertext transfer protocol request does not send the second hypertext transfer protocol cookie.
  - 4. The computer-implemented method of claim 1, further comprising performing a security action based on determining that the hypertext transfer protocol cookie comprises the third-party tracking cookie.
  - 5. The computer-implemented method of claim 4, wherein the security action comprises at least one of:
    - blocking the third-party tracking cookie;
      
      alerting a user about the third-party tracking cookie;
      
      storing, in a security database, the additional domain of the hypertext transfer protocol cookie and a characterization of the hypertext transfer protocol cookie as the third-party tracking cookie;
      
      blacklisting the additional domain of the third-party tracking cookie.
  - 6. The computer-implemented method of claim 1, wherein determining, based on the additional domain, that the hypertext transfer protocol request comprises a third-party hypertext transfer protocol request comprises determining that there is a difference between a request target of the hypertext transfer protocol request and a referrer of the hypertext transfer protocol request.
  - 7. The computer-implemented method of claim 1, wherein identifying the Internet resource comprises collecting hypertext transfer protocol session data.
  - 8. The computer-implemented method of claim 1, further comprising:
    - sending a second hypertext transfer protocol request without a do-not-track header to a domain;
      
      deleting at least one hypertext transfer protocol cookie sent by the second hypertext transfer protocol request;
      
      sending a third hypertext transfer protocol request with the do-not-track header to the domain;
      
      comparing a second hypertext transfer protocol response from the domain elicited by the second hypertext transfer protocol request with a third hypertext transfer protocol response from the domain elicited by the third hypertext transfer protocol request.
  - 9. The computer-implemented method of claim 8, further comprising at least one of:
    - identifying a second hypertext transfer protocol cookie sent by the second hypertext transfer protocol response but not sent by the third hypertext transfer protocol response;
      
      identifying the second hypertext transfer protocol cookie sent by the third hypertext transfer protocol response but not sent by the second hypertext transfer protocol response.
  - 10. The computer-implemented method of claim 1, further comprising:
    - sending a second hypertext transfer protocol request without a do-not-track header to a domain;
      
      maintaining at least one hypertext transfer protocol cookie sent by the second hypertext transfer protocol request;
      
      sending a third hypertext transfer protocol request with the do-not-track header to the domain;
      
      comparing a second hypertext transfer protocol response from the domain elicited by the second hypertext transfer protocol request with a third hypertext transfer protocol response from the domain elicited by the third hypertext transfer protocol request.
  - 11. The computer-implemented method of claim 10, further comprising at least one of:
    - identifying a second hypertext transfer protocol cookie sent by the third hypertext transfer protocol response but not sent by the second hypertext transfer protocol response;
      
      identifying the second hypertext transfer protocol cookie sent by the second hypertext transfer protocol response and deleted by the third hypertext transfer protocol response;
      
      identifying the second hypertext transfer protocol cookie sent by the second hypertext transfer protocol response and modified by the third hypertext transfer protocol response.

12. A system for detecting the presence of web tracking:
- the system comprising;
  
  a resource identification module programmed to identify an Internet resource that is retrieved from an initial domain and that triggers a hypertext transfer protocol request directed to an additional domain that is different from the initial domain;
  
  a request determination module programmed to determine, based on a difference between the initial domain and the additional domain, that the hypertext transfer protocol request comprises a third-party hypertext transfer protocol request;
  
  a cookie identification module programmed to identify a hypertext transfer protocol cookie that is sent from the additional domain in response to the third-party hypertext transfer protocol request;
  
  a cookie determination module programmed to, without examining contents of the hypertext transfer protocol cookie, determine, based on an expiration date of the hypertext transfer protocol cookie occurring after a predetermined threshold of time and the difference between the initial domain and the additional domain, that the hypertext transfer protocol cookie comprises a third-party tracking cookie;
  
  at least one hardware processor configured to execute the resource identification module, the request determination module, the cookie identification module, and the cookie determination module.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, further comprising:
    - the resource identification module is programmed to identify a second Internet resource that is retrieved from a second initial domain and that triggers a second hypertext transfer protocol request directed to a second additional domain that is different from the second initial domain;
      
      the request determination module is programmed to determine, based on a second difference between the second initial domain and the second additional domain, that the second hypertext transfer protocol request comprises a second third-party hypertext transfer protocol request;
      
      the cookie identification module is programmed to identify a second hypertext transfer protocol cookie that is sent by the second third-party hypertext transfer protocol request;
      
      the cookie determination module is programmed to determine, based on the second difference between the second initial domain and the second additional domain, that the second hypertext transfer protocol cookie comprises a second third-party tracking cookie.
  - 14. The system of claim 12, further comprising:
    - the request determination module is programmed to determine that the third-party hypertext transfer protocol request does not send a second hypertext transfer protocol cookie;
      
      wherein the cookie identification module is programmed to identify the hypertext transfer protocol cookie that is sent from the additional domain in response to the third-party hypertext transfer protocol request in response to the request determination module determining that the third-party hypertext transfer protocol request does not send the second hypertext transfer protocol cookie.
  - 15. The system of claim 12, further comprising a security module programmed to perform a security action based on determining that the hypertext transfer protocol cookie comprises the third-party tracking cookie.
  - 16. The system of claim 15, wherein the security module is programmed to perform at least one of:
    - blocking the third-party tracking cookie;
      
      alerting a user about the third-party tracking cookie;
      
      storing, in a security database, the additional domain of the hypertext transfer protocol cookie and a characterization of the hypertext transfer protocol cookie as the third-party tracking cookie;
      
      blacklisting the additional domain of the third-party tracking cookie.
  - 17. The system of claim 12, wherein the request determination module is programmed to determine, based on the additional domain, that the hypertext transfer protocol request comprises a third-party hypertext transfer protocol request by determining that there is a difference between a request target of the hypertext transfer protocol request and a referrer of the hypertext transfer protocol request.
  - 18. The system of claim 12, wherein the resource identification module is programmed to identify the Internet resource by collecting hypertext transfer protocol session data.
  - 19. The system of claim 12, further comprising:
    - a sending module programmed to send a second hypertext transfer protocol request without a do-not-track header to a domain;
      
      a deleting module programmed to delete at least one hypertext transfer protocol cookie sent by the second hypertext transfer protocol request;
      
      the sending module is programmed to send a third hypertext transfer protocol request with the do-not-track header to the domain;
      
      a comparing module programmed to compare a second hypertext transfer protocol response from the domain elicited by the second hypertext transfer protocol request with a third hypertext transfer protocol response from the domain elicited by the third hypertext transfer protocol request.

20. A non-transitory computer-readable-storage medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify an Internet resource that is retrieved from an initial domain and that triggers a hypertext transfer protocol request directed to an additional domain that is different from the initial domain;
  
  determine, based on a difference between the initial domain and the additional domain, that the hypertext transfer protocol request comprises a third-party hypertext transfer protocol request;
  
  identify a hypertext transfer protocol cookie that is sent from the additional domain in response to the third-party hypertext transfer protocol request;
  
  without examining contents of the hypertext transfer protocol cookie, determine, based on an expiration date of the hypertext transfer protocol cookie occurring after a predetermined threshold of time and the difference between the initial domain and the additional domain, that the hypertext transfer protocol cookie comprises a third-party tracking cookie.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Efstathopoulos, Petros, Li, Tai-Ching
Primary Examiner(s)
Osman, Ramy M

Application Number

US13/774,967
Time in Patent Office

1,005 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/126   the source of the received ...

H04L 63/1441   Countermeasures against mal...

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

H04L 67/535   Tracking the activity of th...

Systems and methods for detecting the presence of web tracking

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for detecting the presence of web tracking

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others